All those data breaches are coming back to haunt us. Once our phone numbers and addresses began to be leaked, it was only a matter of time before scammers would personalize their attacks to make them seem more real. The latest “sextortion” scams purport to have compromising video of you taken from your computer’s webcam, backing it up with your phone number and a Google Street View-like image that matches your leaked address. They make a lot of claims and dire-sounding threats, but talk is cheap, and there’s nothing behind them. Do not pay the scammers!
(Featured image by iStock.com/Thapana Onphalai)
Social Media: Scams are starting to incorporate personal information stolen in data breaches, so you may get “sextortion” threats that purport to know your phone number, address, and more.
Although we’re still fans of 1Password, and there are plenty of other good password managers out there, like BitWarden and Dashlane, Apple has finally removed the last hurdle to using its built-in password management capabilities.
Starting in macOS 15 Sequoia, iOS 18, iPadOS 18, and visionOS 2, Passwords is now a real app rather than being trapped inside Safari, System Settings, and Settings. If you have resisted using a password manager or don’t wish to continue subscribing to an alternative, give Apple’s Passwords a try. It makes creating, maintaining, and entering passwords faster, easier, and more secure than doing it by hand. Those already using a password manager can export their accounts and import into Passwords.
What You’ll Find in Passwords
We’ll focus on the Mac version here, but the other versions are nearly identical apart from their screen sizes.
The left-hand sidebar, reminiscent of Reminders, provides categories of accounts:
All: Select All to see all your accounts, regardless of what shared group they may be in.
Passkeys: If you have any passkeys for large websites like Apple, Google, and others, they’ll appear here.
Codes: Passwords can create, store, and enter two-factor authentication codes for sites that support them. If you need to look one up manually because Passwords couldn’t autofill it, you’ll find the associated account here.
Wi-Fi: This category contains stored passwords for all the known Wi-Fi networks on your device. Because known Wi-Fi networks aren’t synced between devices, the number of these will vary between your devices.
Security: If you have any accounts with weak passwords, accounts you previously shared and stopped sharing, or accounts whose passwords were leaked in a security breach, they’ll appear here. Edit these accounts and click the Change Password button to start the process; when the password changes, they’ll disappear from this category.
Deleted: Any accounts you delete stay here for 30 days before being deleted for good. You can delete any of these accounts immediately or restore them to their previous group.
Shared Groups: If you use Family Sharing, you automatically get a Family Passwords group to simplify sharing important accounts with your family members. But you can also share accounts with other groups of Apple device owners. To move an account to a group, choose it from the Group pop-up menu.
The middle pane lists the accounts in the selected category. You can sort the list using the menu with vertical arrows, search for a specific account, and manually add a new one with the + button. Otherwise, scroll through the list and click an account to view it in the right-hand pane.
At the top of the right-hand pane is an AirDrop button and an Edit button. Click AirDrop to share an account with someone nearby or Edit to make changes or set up a two-factor verification code. If you want to copy information, click the User Name, Password, Verification Code, or Website item to get a Copy menu. The password becomes visible when you mouse over it. Clicking Website also offers an Open Website option and lets you add more sites where the password should autofill.
Setup Requirements
Most people shouldn’t need to do anything to start using Passwords. However, if you have trouble, check the following items:
Turn on Password AutoFill: If your device isn’t entering passwords for you, turn on AutoFill Passwords and Passkeys in Settings/System Settings > General > AutoFill & Passwords. Also, ensure that Passwords is enabled in the AutoFill From section if multiple password managers are installed.
Turn on iCloud Keychain: If you want your passwords to sync securely among your devices, which makes life a lot easier, go to Settings/System Settings > Your Name > iCloud > Passwords and turn on Sync This Device.
Set up iCloud Passwords for other browsers: Apart from Safari, Chromium-based Web browsers (Arc, Brave, Google Chrome, Microsoft Edge, etc.) can access and autofill your saved passwords if you install Apple’s iCloud Passwords Chrome extension. (There’s also now an iCloud Passwords add-on for Firefox.) The overall experience is not as seamless as in Safari, requiring a once-per-launch code, and you have to create new accounts in Safari or manually in Passwords, but it works.
Configure settings: Choose Passwords > Settings (or look in Settings > Apps > Passwords for iOS 18 and iPadOS 18) to access options. Generally speaking, it’s fine to keep them all turned on.
If you have additional questions, check Apple’s documentation for detailed instructions for all the platforms on which Passwords runs. But realistically, Passwords is easy to use, and although the app itself is new, the underlying password management features and syncing have been in place for years, so they’re stable and reliable.
(Featured image by iStock.com/designer491)
Social Media: Apple’s new Passwords app in macOS 15, iOS 18, iPadOS 18, and visionOS 2 makes the company’s longstanding password storage and syncing features more straightforward and easy to use. It’s password management for the rest of us!
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-10-01 15:04:002024-10-31 14:47:21Passwords Becomes a Real App in macOS 15 Sequoia, iOS 18, and iPadOS 18
Although paying attention to online security is of primary importance, don’t forget local security. You don’t want to go out for lunch and let someone wandering by your office poke through your email, messages, photos, and private files. To ensure this doesn’t happen, set your Mac to start the screen saver or sleep the display after a few minutes (on a laptop, just close the lid), and then set “Require password after screen saver begins or display is turned off” to a short duration. We recommend 1 or 5 minutes, though you can adjust to balance inconvenience against security. To eliminate the fuss almost entirely, use Touch ID or an Apple Watch to unlock your Mac without having to type your password.
(Featured image based on an original by iStock.com/Armastas)
Social Media: Don’t forget about local security on your Mac. Make sure to require a password shortly after the screen saver starts or the display sleeps to prevent people from riffling through your email, photos, messages, and more.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-09-03 14:06:002024-10-01 07:19:19Set macOS to Require a Password after Screen Saver Start or Display Sleep
We’ve written in the past about how Apple-only companies can protect themselves from ransomware (strong security, isolated backups, monitoring software), but realistically, it’s primarily a threat to computers running Windows and Linux. If you, or anyone you know, is targeted by ransomware, look to the No More Ransom website, developed by Europol’s European Cybercrime Centre and the Dutch police, for advice and tools. The advice boils down to: “Don’t pay the ransom because it proves to the criminals that ransomware works, and there’s no guarantee it will solve your problem.” On the tools side, the Crypto Sheriff helps identify the type of ransomware in play, and No More Ransom provides decryption tools for 180 different forms and variants of ransomware. There are no guarantees, but anyone who has fallen prey to ransomware should start with No More Ransom.
(Featured image based on original by iStock.com/Suebsiri)
Social Media: Ransomware primarily affects Windows and Linux computers, but if you, or anyone you know, falls prey to it, visit the No More Ransom website for advice and decryption tools.
QR codes, those square, blocky codes you scan with your iPhone’s camera to load a Web page, have become ubiquitous. So much so that we seldom pause before scanning any QR code we see. But if you think about it, that’s the same as clicking random links in emails or texts, which is a terrible idea from a security perspective. “Quishing” (QR code phishing) isn’t commonplace yet, but some sources say there are thousands of cases per month. To avoid falling victim to a quishing scam, only scan QR codes from trusted sources, try to verify what a code will do once scanned, and evaluate the yellow URL preview Safari provides (when using other browsers, all you see is Open in Browser Name). Finally, always install iOS security updates promptly because they often address vulnerabilities that could be exploited with malicious data.
(Featured image based on an original by iStock.com/B4LLS)
Social Media: QR codes—those blocky squares you scan with your iPhone camera—are an easy way to open a Web page. Unfortunately, scammers also use them to trick people into visiting malicious websites, so read our tip about scanning these codes safely.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-08-01 13:08:002024-09-03 01:52:33Be Careful When Scanning Unknown QR Codes
We recently wrote an article for those who manage their own Internet domain names about using SPF, DKIM, and DMARC to prevent your domains from being used in phishing attacks and enhance the deliverability of legitimate email. But what about other domains you own but don’t use for email? To make phishing attacks more believable, spammers sometimes forge email so it appears to come from parked domains that aren’t protected. You can use SPF, DKIM, and DMARC to ensure that forged email that seems to come from your unused domains isn’t accepted. The details are too specific to go into here, but Cloudflare has an excellent article outlining what you need to do.
(Featured image based on an original by iStock.com/Igor Kutyaev)
Social Media: If you have parked domains that never send email, it’s important to set up SPF, DKIM, and DMARC so scammers can’t forge legitimate-looking email from those domains.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-08-01 13:06:002024-09-13 09:40:46Protect Domains That Don’t Send Email from Email Spoofing
In the Apple world, the account that controls access to all your Apple-related online services is the Apple ID. Buying apps from the App Store, putting photos in iCloud Photos, and sharing data between iCloud-enabled apps—all these actions rely on your Apple ID. If you’re a regular Apple user, you have an Apple ID associated with your email address.
Most Apple users set up an Apple ID when they configure their first Apple device, and if you don’t have an email address that you want to use, you can create a free @icloud.com address during the process. (If you need to create a new Apple ID, you can do that at appleid.apple.com.)
There are actually two types of Apple IDs: personal Apple IDs used by individual users and managed Apple IDs given to employees by businesses and other organizations. Managed Apple IDs are popular with companies that give devices to staff members and need to ensure compliance with various usage and security policies. Let’s look at how they differ:
Creation, ownership, and control: Individuals set up personal Apple IDs on their own and maintain full ownership over the account and control over the device. Managed Apple IDs are set up by the organization, typically through Apple Business Manager, and the organization retains ownership and control for centralized management. That control is essential when an employee leaves. Otherwise, a company may be unable to reset a returned device and give it to another employee.
Access to Apple services: Personal Apple IDs have full access to all Apple services and features. Managed Apple IDs have much more limited access to protect the organization from unauthorized purchases and insecure behavior. Users with managed Apple IDs can’t purchase anything from the App Store, iTunes Store, or Apple Books. Nor can they access Apple Arcade, Apple Fitness+, Apple Music, Apple Music radio, Apple News+, or Apple TV+. The Find My, Health, Home, Journal, and Wallet apps aren’t available or fully functional. Plus, Apple Pay, iCloud Family Sharing, iCloud Mail, and iCloud+ services like Private Relay, Hide My Email, and custom email domains are unavailable.
Security and management: When a device relies on a personal Apple ID, that user is responsible for maintaining security and managing apps (which will belong to the user). That’s appropriate for individuals, but for companies that need to protect corporate information, managed Apple IDs allow the IT department to enhance security by requiring passcodes, enforcing password policies, setting role-based permissions, and separating work and personal data. On the management side, managed Apple IDs make it easier to reset devices, revoke access, comply with legal and privacy regulations, integrate with corporate identity systems, and centralize app licensing.
Though some organizations may prevent it, it is technically possible to use both types of Apple IDs on the same device. For instance, you could use a managed Apple ID on an employer-provided device along with a personal ID to access the App Store, Apple Music, Apple News+, and other Apple services. To do that on an iPhone, you’d go to Settings > Your Name > Media & Purchases and either sign in with your personal Apple ID or, if necessary, tap Sign Out and sign back in.
What’s the takeaway? There are three possibilities, depending on who owns the device and the employer’s security and management policies:
Personal device not used for work: If you’re a regular user who has purchased your own device and you either don’t use it for work or your employer doesn’t care what you do, all you need is a single personal Apple ID. Although it’s possible to create multiple Apple IDs and use them for different purposes, it’s a recipe for confusion down the road.
Personal device used for work: If your employer has a BYOD (Bring Your Own Device) program that lets you use your own device with corporate resources, they will likely ask to use Apple’s User Enrollment to create a profile on the device that separates personal and work data and allows the use of both personal and managed Apple IDs. Although the IT department cannot access your personal data (emails, messages, photos, location, etc.), it can enforce security policies, install and configure work-related apps, and control corporate data on the device. Some people find the privacy implications of this approach troubling and opt for separate work and personal devices.
Employer-provided device: If your employer provides a device for your use, they will likely require you to use a managed Apple ID on it. That prevents you from having to worry about security or management, but comes with some restrictions on what you can do. Talk to your IT department if you also want to use your personal Apple ID on the device.
Hopefully, we’ve clarified the situation surrounding personal and managed Apple IDs. Which makes the most sense in any given situation depends on a wide range of variables, so contact us if you need to talk through the possibilities as either an employee or employer.
(Featured image based on an original by iStock.com/dolgachov)
Social Media: There are actually two types of Apple IDs: personal and managed. Regular users have personal Apple IDs; those who use employer-provided devices are often required to use managed Apple IDs. Learn more about both.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-08-01 13:04:002024-09-13 09:40:07Understanding the Key Differences Between Personal and Managed Apple IDs
When your team or family shares access to a single account (such as for banking or social media, which seldom offer multi-user access), using two-factor authentication via SMS is awkward—whose phone receives the 2FA codes? One solution is to use an authentication app. Authentication apps are more secure, and multiple people can add 2FA support to the same account by scanning the QR code at setup or adding the 2FA setup URL later. (In both 1Password and Apple’s iCloud Keychain, edit the login to see and copy the setup URL.) An even better solution is to use a password manager that supports both 2FA codes and password sharing. That way, one person can set up the account with 2FA and add its login to a shared vault or collection. 1Password, Bitwarden, Dashlane, iCloud Keychain, and others provide such features.
(Featured image by iStock.com/May_Chanikran)
Social Media: For better results when a team or family group needs to share 2FA codes to log in to a website, try to use an authentication app instead of SMS, or better yet, use a password manager that can both generate 2FA codes and share logins with a group.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-06-03 11:06:002024-06-30 13:03:38Share 2FA Setup for Team Access to a Single Account
Apple’s iCloud Keychain Password Management Is All Many People Need
We constantly recommend using a password manager like 1Password, BitWarden, or Dashlane. But many people resist committing to yet another app or paying for yet another service. Isn’t Apple’s built-in iCloud Keychain password management good enough?
The answer now is yes, thanks to two recent changes:
In iOS 17.3, Apple added Stolen Device Protection, which leverages biometric authentication—Face ID or Touch ID—to protect users against thieves who would surreptitiously learn someone’s passcode, steal their iPhone, and then take over their digital lives. One of the worst aspects of that attack was that the iPhone passcode was sufficient to access the user’s stored passwords, so the thief could get into everything.
Until mid-2023, Apple’s built-in password management worked only in Safari, which was problematic for users who rely on other browsers. Then Apple updated its iCloud Passwords extension for Google Chrome to work not just in Windows, but also in Mac browsers based on Google Chrome running in macOS 14 Sonoma. There’s also now an iCloud Passwords add-on for Firefox.
If you aren’t yet using a password manager, try iCloud Keychain.
Passwords Basics
Apple integrated iCloud Keychain into macOS, iOS, and iPadOS at a low level, so you mostly interact with your passwords in Safari. But first, make sure to enable iCloud Keychain so your passwords sync between your devices. On the Mac, you do that in System Settings > Your Name > iCloud > Passwords & Keychain. On an iPhone or iPad, it’s in Settings > Your Name > iCloud > Passwords and Keychain.
If you’re using a browser other than Safari, install the iCloud Passwords extension or add-on and activate it by clicking it in the toolbar and entering the verification code when prompted.
When it comes to website accounts, there are two main actions: creating a login and logging in to a site:
Create a new login: When you need to create an account on a new website, after you enter whatever it wants for email or username, Safari creates a strong password for you. Unfortunately, the iCloud Passwords extension or add-on on the Mac can’t generate passwords—you can either create a strong password manually or switch to Safari temporarily to let it create one. When you submit your credentials, you’ll be prompted to save them.
Autofill an existing login: The next time you want to log in to a site for which you’ve saved credentials, Safari or your other browser on the Mac displays a pop-up with logins matching the domain of the site you’re on. On the iPhone or iPad, you might get an alert at the bottom of the screen or have to pick a choice in the QuickType bar above the keyboard.
For basic usage, that’s it! However, iCloud Keychain can make mistakes. The site shown above asks for both an email address and a username and wants the email address for logging in, but iCloud Keychain remembered the username instead. Happily, Apple makes it easy to fix such unusual missteps. On the Mac, open System Settings > Passwords, or on the iPhone or iPad, open Settings > Passwords. Here’s where you find and edit your saved logins.
Open the desired login by double-clicking it on the Mac or tapping it on the iPhone or iPad, then click or tap Edit and make any desired changes.
iCloud Keychain provides additional features and options:
A search field at the top of the Passwords window or screen helps you find logins if scanning the full list is frustrating.
You can use commands in the + menu to create new passwords and shared groups. On the Mac, commands in the ••• menu let you import and export passwords; the iPhone and iPad use that menu to bulk-select passwords for deletion and show generated passwords.
Shared groups let you share a subset of passwords with family or colleagues. Choosing New Shared Group triggers an assistant that walks you through naming the group, adding people from Contacts, and choosing which passwords to share. You can move passwords between groups at any time.
The Security Recommendations screen displays logins exposed in known breaches and points out logins with weak passwords. Check those and update them as necessary.
In Password Options, you can turn off autofill, but why would you? Another option automatically deletes verification codes you receive in Messages after it inserts them with autofill.
On websites that support two-factor authentication, you can set up a login to autofill the verification code. During setup on the site, you’ll get a QR code you can scan with an iPhone or iPad if you’re using a Mac; if you’re using an iPhone or iPad, touch and hold the QR code and choose Add Verification Code in Passwords. Once you finish configuring the login, you’ll have to enter the six-digit verification code on the site to link it with the login.
Overall, iCloud Keychain provides the password management features that most people need, and it’s a massive security improvement over keeping a document of your passwords on your desktop.
(Featured image by iStock.com/loooby)
Social Media: Apple’s iCloud Keychain password manager keeps improving, and we now recommend it, especially for those not already using a third-party password manager. Here’s how to use iCloud Keychain to store and enter secure passwords.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-05-01 13:04:002024-05-08 02:20:30Apple’s iCloud Keychain Password Management Is All Many People Need
Does it feel like your Apple devices are always asking you to install operating system updates? You’re not wrong—from September 2022 to January 2024, we saw the following releases in Apple’s previous set of operating systems:
macOS 13 Ventura: 20 releases
iOS 16: 25 releases
iPadOS 16: 20 releases
watchOS 9: 15 releases
tvOS 16: 12 releases
Apple issued many of those at the same time, but since you might not use all your devices every day, it can seem as though you spend all your time installing updates. As annoying as updating can be, we encourage you to do so soon after you’re notified for three reasons.
Reason One: Fewer Bugs
First, as has always been the case, updates fix bugs. You may not have experienced all the bugs that Apple fixes, but when one blocks something you want to do, the fix comes as a huge relief.
For instance, in a set of releases in January 2024, Apple inadvertently introduced a bug that caused text in many apps, including Mail, Notes, and Safari, to appear to be duplicated and overlap. It was only cosmetic, and switching to another window or resizing the window would make it look right again. But the bug was hugely disconcerting, so Apple fixed it two weeks later in macOS 14.3.1 Sonoma, iOS 17.3.1, iPadOS 17.3.1, and Safari 17.3.1 (which brought the fix to macOS 13 Ventura and macOS 12 Monterey).
Reason Two: Better Security
Second, many of the bugs Apple fixes won’t impact your experience of using your device, but they make it possible for attackers to steal information, install malware, spy on your communications, or even take over your entire device. Nearly all of Apple’s operating system updates contain security fixes to address newly discovered vulnerabilities, and some releases only have security fixes. Apple continues to release security updates for the last two versions of macOS and older versions of iOS and iPadOS as appropriate.
It’s easy to think that you won’t be impacted by security vulnerabilities, but remember that as soon as Apple releases an update outlining what it has fixed, attackers know what vulnerabilities exist in unpatched systems. Apple has to react swiftly to some reported vulnerabilities because blocking them can literally be a matter of life or death when it comes to, for instance, iPhone-using dissidents, activists, or journalists working in opposition to repressive governments that employ spyware against their enemies. (All spyware relies on previously unidentified vulnerabilities.)
However, some security vulnerabilities are more likely to impact regular users. For instance, in macOS 14.2.1, Apple fixed a bug in Screen Sharing. If you were sharing your full screen with someone else and had multiple Spaces, Screen Sharing could show the other person random windows in other Spaces, which could range from embarrassing (adult pictures) to seriously problematic (passwords or financial details).
Reason Three: New Features
Third, on the positive side, many operating system releases introduce welcome new features. When Apple unveils its next set of operating systems at the Worldwide Developer Conference in June, some of the promised features won’t appear with the initial releases. New features that shipped in later releases of macOS 14 Sonoma, iOS 17, iPadOS 17, and watchOS 10 include:
watchOS’s double-tap gesture for tapping the default button in many apps
AirDrop transfers continuing over the Internet when you move out of AirDrop range
Adding NameDrop to share contact info when you bring two devices near each other
Additional options to control when the iPhone screen shuts off in StandBy
The option to choose a specific album for the Lock Screen’s Photo Shuffle wallpaper
HomeKey support for Matter locks
Expanded Favorites in the Music app
A new automatic Favorite Songs playlist in the Music app
The addition of Apple’s Journal app
A Translate option for the Action button in the iPhone 15 Pro models
10-day precipitation forecasts in the Weather app
Sharing of eligible passes in the Wallet app via NameDrop-like proximity
A catch-up arrow in Messages that lets you jump to the first unread message
Multiple timers in the Clock app on the Mac
Stolen Device Protection for the iPhone
Collaborative playlists in Apple Music
Support for streaming content to TVs in select hotel rooms using AirPlay
Just Update It
Updates provide both a carrot (user-facing bug fixes and new features) and a stick (security fixes). That’s why we recommend updating soon after Apple pushes out a new release and why devices under management usually receive updates quickly. Even if a security breach is unlikely, the liability of allowing devices to remain unpatched is too high for most organizations. Installing updates is an easy way to reduce worry about things like compromised accounts and ransomware.
There are three types of operating system releases:
Minor bug fix and security updates: Install these as soon as convenient, usually within a few days. Examples of these include macOS 14.3 to 14.3.1.
Interim feature updates: Because these include bug fixes and security updates alongside the new features, you’ll also want to install these within a few days. An example is iOS 17.2.1 to iOS 17.3.
Major version upgrades: Because Apple always releases security updates for the two versions of macOS before the current one, you can wait a month or three before installing a major upgrade, such as from macOS 13 to macOS 14. However, once you’ve verified that your apps and workflow are compatible with the new version, we recommend upgrading because skipping a major version of macOS often results in a more difficult upgrade experience.
In each of these cases, if you’re worried about how an update might impact your workflow, check online forums for discussions of each update and feel free to ask us what we recommend for your particular situation.
(Featured image by iStock.com/Fokusiert)
Social Media: We know it seems like your Apple devices are constantly asking you to install an update. Other than for major upgrades, we recommend updating shortly after updates appear so you can take advantage of bug fixes, security updates, and new features.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-03-01 14:04:002024-03-05 11:49:15The Importance of Staying Updated
